RHN Satellite and Proxy: This is the final notification of the End Of Life (EOL) plans for the following
versions of Red Hat Satellite Proxy 5:
* Red Hat Satellite Proxy 5.2
* Red Hat Satellite Proxy 5.3
* Red Hat Satellite Proxy 5.4
* Red Hat Satellite Proxy 5.5
RHN Satellite and Proxy: This is the final notification of the End Of Life (EOL) plans for the
following versions of Red Hat Satellite 5:
* Red Hat Satellite 5.2
* Red Hat Satellite 5.3
* Red Hat Satellite 5.4
* Red Hat Satellite 5.5
Red Hat Enterprise Linux: This is the Six-Month notification for the retirement of Red Hat Enterprise
Linux 6.5 Extended Update Support (EUS). This notification applies only to
those customers subscribed to the Extended Update Support (EUS) channel for
Red Hat Enterprise Linux 6.5.
Drupal Views Module Access Bypass Vulnerability
Red Hat Security Advisory 2015-1036-01 – After May 29, 2015, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite versions 5.5 or older.
IBM Cognos Business Intelligence Developer version 10.2.1 suffers from an open redirect vulnerability.
Have you added up your spending on Starbucks coffee lately? If like me you grab a coffee five days a week at $3.65 then you have an annual bill of just under $1000. When I saw that a hacker had found a way to get unlimited free coffee it caught my interest, especially see that there have been a number of Starbucks related issues over the last 12 months.
Egor Homakov’s hack is more a logic mistake or bug than a hack, you can read his blog on how he did it in detail here. He started by purchasing three gift cards with a value of $5, the type anyone can purchase over the register.
Registering the cards online at starbucks.com then allows you to move money between cards and top them up as necessary. Homakov then started sending requests to move the cash between the cards using 2 different browsers at the same time. Doing this, he managed to break the logic and transfer the same $5 from card A to card B twice confusing the Starbucks system and gaining $5 in the process, thus making himself an extra $5.
This was possible thanks to what is known as a Race Condition in the way the transaction is processed. It takes place in two steps, the request and the acknowledgement.
In theory, this exploit could be run indefinitely to generate an unlimited amount of funds on a gift card.
Homakov did not do this though, after gaining the extra cash he tested the cards in a store purchasing coffee and a sandwich at a total of $16.70, proving he had more than he started with but limiting the loss to Starbucks to just $1.70.
Image courtesy of sakurity.com
As a responsible security expert he contacted Starbucks through their support system on March 23 and did not receive a response until April 29, and the bug has now been closed.
There seems to be a pattern of hacks and bugs at Starbucks, just a few weeks ago there was another issue with gift cards and the transfer of funds linked to bank account, see the analysis here. And last year there was an issue that passwords on the Starbucks app for iOS were being held in clear text, this one had a similar experience with Starbucks taking time to answer the disclosure from the expert, see the article here.
Starbucks mentioned the word ‘fraud’ when talking with Homakov rather than understanding that a responsible expert may have just saved them millions of pounds and saying thank you.
Personally I think he should be rewarded with at least a years free coffee, at $1000 it would seem a small price to pay.
You can follow me on Twitter @TonyatAVG
A newly released annual Graduation Spending survey by the National Retail Federation (NRF) found the majority of us will give money, with more than 50% giving cash and another 30% presenting gift cards as their graduation gift. Cash and gift cards are especially popular in gifting for people between ages 45-54, who also likely to give/spend more, according to the NRF Survey.
The NRF found, on average, people will spend $102.50 for two grad gifts. More than 10% will buy electronics as a grad gift. And, not surprising, the tech purchasing is trending up from last year, when only 8% bought something tech related.
So what are the best tech gifts for grads?
Recent research indicates that laptops remain among the most popular and practical gifts, especially for high school grads heading off to college. A survey of high school grads, conducted by Impulse Research in 2014 found the majority of students (65 percent) felt a laptop was among the greatest gifts. And, of course, their price point is much more affordable these days.
I suspect smartphones and tablets are not far behind laptops and rising in popularity in terms of your high school grads’ desires – if your grad doesn’t already have a smartphone. (According to comScore, as of December 2014, north of 86% of 13- to 25-year-olds are smartphone owners.) It’s a particularly great gift coming from Mom or Dad, or Grandparents.
CNet has done its expert comparison of the latest in smartphone options, as well as host of other popular smart tech gifts for grads. Among the other top categories on a multitude of grad gift guide lists this year are:
Many of the tech gifts listed above skew in appeal toward men 18-34, but not all. Consumer research consistently reveals that women not only use technology, they are early adopters and buy more than men in certain cases – especially when it comes to social media.
So what’s a good tech-oriented gift for the women grads in your life?
At the top of my list for the young women I know is Sheryl Sandberg’s book Lean In for Graduates. Her original and inspirational Lean In book has been expanded and updated with six additional chapters offering advice on finding and getting the most out of a first job; résumé writing; best interviewing practices; salary negotiating, and more – including leaning in for millennial men.
As for me personally, I have always believed cash to be a safe gift, especially for grads I didn’t know very well. Though, I admit, giving cash is not nearly as satisfying as picking out a thoughtful gift you know the recipient wants. But the latter point is key…
According to a Stanford research study conducted in 2011, gift recipients also more appreciative of gifts they explicitly request than those they do not. The research revealed that recipients appreciated receiving items from their wish list and perceived the requested items to be more thoughtful and considerate. Though the research found the opposite perception among gift givers, who assume that both solicited and unsolicited gifts will be equally appreciated. Likewise, contrary to gift givers’ perception, the research study showed recipients appreciate receiving money much more than receiving an unsolicited gift.
So, perhaps, the best and most thoughtful plan is to ask your grad, in advance, what’s on their wish list— if you don’t already know. That’s what I intend to do…
Happy graduation to all of those who are celebrating this milestone of new beginnings in 2015!
Title image courtesy of collegelife.about.com
Irish businesses have been criticized for their IT security standards after it was revealed that a significant majority are not currently meeting the legal requirements.
The post Irish businesses may be penalized over inadequate IT security appeared first on We Live Security.
Red Hat Security Advisory 2015-1035-01 – In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.
